MVC :: Strongly Typed User Control On All Pages Based On Login Status And User Role
May 9, 2010
I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc
Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.
I have a tricky requirement where I need to categorise documents attached to a product, available for download, based on the status of the user viewing the product. I.e. my site displays a list of products, clicking on one displays a product details page, and this page includes a list a documents related to the product, such as data sheets, user manuals, etc.
I have been asked to group documents into three classes of availability, v.i.z. those available freely to all users, including anonymous; those available to logged on users; and those available to anonymous users that provide contact information before downloading the document, presumably to boost sales leads.
The anonymous and logged on availabilities are quite easy, but the third seems a bit tricky to me. My first question is, is there a way I can filter documents for only logged on users without hooking into ItemDataBound or something, and my second question is, what is recommended for the case where a user must supply contact information to download a document?
In the second question, it has crossed my mind to actually register the user, but without them having to visit the new user registration page, and then I have role based filtering of documents. Currently the new user registration process automatically adds the Member role to all new users. Users I register 'quietly', just so they can download a document, wont be assigned the Member role, distinguishing them from normally logged on members.
I have developed an application in ASP.NET 3.5 which utilizes the Membership and Roles Providers and Forms Authentication to manage user access and profiles.
There are various area's of this application that are only to be used by an admin users whom login using their email and password and the rest of the users log in using their telephone number and password via their iPhone.
For simplicities sake, I would like to have two different login pages, one that is formatted for the iPhone and performs the correct validation for users adding a telephone number and the other for the application administrators.
I want to redirect the user to their respective login page based on which folder they are attempting to access. For example say I have an application structure like this
I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.
I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths.The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated.I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now.Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages?
Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway.Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.
sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"
I'm able to do this.
If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If BUT unable to do this... If user's Department = 'Department XYZ' Then Do This Else Do that End IF
I have LOGIN PANEL for student, and I want to disable it in different page. And only the admin can enable and disable it. I dont know the logic behind here.
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
Im trying to get my strongly typed master page to work in my ASP MVC 2.0 application.have come far with the help of these two posts:Passing data to Master Page in ASP.NET MVCStrongly Typed ASP.Net MVC Master PagesProblem is that im not sure how to get that ViewDataFactory code to work, this is my code:
BaseController.cs public class BaseController : Controller { private IPageRepository _repPage; public BaseController(IPageRepository repPage) [code]...
I have table called ROLE with fields (id,name,permission) example values (1001,madhu,hr)
I have another table called LOGIN with fields(id,DOB,password) example values(1001,24101989,madhukumar)
What i want is , if i login using the LOGIN table ,it check the id and permission in the ROLE table , if the permission is 'hr' it enable to access the menu , or if the permission is any other it just print the error message ("no permission")
Note: menu is placed in master page , but login is not in the master page ...
I am using visual stuido 2010 and vb. I am trying to direct users to one of three different pages upon sign in, depending on their role. Basically I have three roles: administrators, dealers, and customers And three respective destination page urls: admin/default.aspx, dealer/default.aspx, and customers/default.aspx. Everything I can find in the forums is in C. So far I have nothing, so I guess I'm asking someone to write the whole sub for me. I wish I was more proficient, but I'm working on it.
What if, I'm not using the LOGIN CONTROL but rather creating a Custom Control for Login. Is it possible to have user roles and a site map that redirects to its own destination when the user login?
How to access datas based on user roles in asp.net ? For example : i have two admins (admin1, admin2). In the frontend ,admin1 has full access to datas(view,add,edit,delete all datas) while admin2 has limited access to datas(view,add,edit,delete certain datas alone and not all datas)
This works fine - I have now added to the page a LoginStatus as when they arrive they are loggen in. The problem is when the user clicks the Logg off link I get the error on the page below -
Object reference not set to an instance of an object. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
[Code]....
Is this because the page load is trying to get the logged on user ID
but they have just logged out?
How can I allow the User to logg out without getting the error?
I want to implement access control for usercontrols depending on user role(s), I want to do it on the control base class, in such way that on every user control I only need to set a string with allowed roles to see the user control
This is how an user control class may look like:
public partial class SimpleMenu : MyUsrControlBase { protected void Page_Load(object sender, EventArgs e)[code]...
How to set up user control visibility from the base class depending on the validation result?Also which event in the user control is the best to set the roles?
I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?
The scenario is as follows:
I have a folder "Gestao" that only allows users in role "Administrator"
[Code]....
If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.
How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?
I've got a web site that has a master page and that master page (mpMaster that has a user control ucControl1) which has a sub user control (ucControl2), this user control has a property which accepts a value. Now, I have a page that uses the master page and on this page I have another user control (ucPageControl), I need to find a way of setting the value in ucControl2 from ucPageControl. Is this possible at all?
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
For example:
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
I am currently trying to implement a small class attendance system, where the student names are taken from a database, stored in a List<Student>, and bound to a Repeater control. Each row of the Repeater contains two columns: The first is the student's name, and the remaining column contains a RadioButtonList with three ListItems (Present, Absent, Sick).Now, once the user presses "Submit", I want to be able to store their attendance status based on the user selection. However, after submission, the SelectedIndex is always 0, no matter what option is selected.
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
I want to execute some logic if the Logged in User can view a page "~/MyPage.aspx". IF the logged in user should be elligible to view the page is determined by the role based security I configured in the web.config file. There are many methods to find out if the user is in role XXX or not. But I did not find any method to find out if the user can view a page or not ahead of transferring the user to that page. Maybe I will hide a link to a specific page to the logged in user if the user is not elligible to view that page if I know the technique i am asking here to know.
I personally dont like doing this as i find it makes it harder for me to know if someone changed the field name, or mis typed it during development - the other way you won't know until the page loads.
With the strongly typed version if something changes in your DAL etc the build will break - letting me know I've messed up.
Why do so many people appear to use weakly typed code in ASP.Net (in examples, MVC, etc)? Am i missing something?
I have a site using a single master.page. In the master.page I have a strongly typed user control (.ascx) called "ControlPanel". Its type is ControlPanelViewModel.
<%@ Master Language="C#" Inherits="System.Web.Mvc.ViewMasterPage" %> <body> <% Html.RenderPartial("ControlPanel"); %> <!-- Here I need to pass the ControlPanelViewModel --> <!-- main content area --> </body> </html>
